Note: This article is a condensed version of a series that previously appeared in Public Power Current.
Risks to utility operations are rising, and with them the cost of insurance. In this environment, it can be difficult for a public power utility to retain essential insurance coverage while containing costs.
In recent years, insurance companies have made large payouts to customers who have suffered massive losses. Losses from natural disasters hit $133 billion in 2017, a historic high, according to the Insurance Information Institute. Losses due to natural catastrophes fell in 2018 and 2019 but rose again in 2020, driven by a record number of severe storms and wildfires in the U.S. In 2020, the costliest losses came from storms and cyclones, which accounted for about 75% of the $119 billion in losses, followed by wildfires at nearly 20% of losses, and flooding with 4% of losses, according to the institute.
Insurance company SwissRe ranked 2020 as the fifth-costliest year on record since 1970 for the insurance industry.
In order to recapitalize after those losses, insurance companies have a few options that are not necessarily exclusive of each other. They can increase customer premiums, or they can raise the bar in terms of which entities they will insure.
“Insurance carriers have been affected by storms and claim payouts for their insureds, social inflation, and record-setting verdicts,” Ryan Weber, vice president at Marsh USA, said. He noted that pricing increased the past 15 consecutive quarters (through the first quarter of 2021) but reported signs that the market could be adjusting in insureds’ favor for coverage lines such as property and liability.
Increase in Cyberattacks
Ransomware attacks, such as the attack on Colonial Pipeline in early 2021, have also resulted in increased attention to the risk insurance market.
In May 2021, a Government Accountability Office report on cyber insurance highlighted some trends in the cyber insurance market, including:
- Increasing take-up: Data from a global insurance broker indicate its clients’ take-up rate (proportion of existing clients electing coverage) for cyber insurance rose from 26% in 2016 to 47% in 2020.
- Price increases: Higher prices have coincided with increased demand and higher insurer costs from more frequent and severe cyberattacks. “In a recent survey of insurance brokers, more than half of respondents’ clients saw prices go up 10–30% in late 2020,” the report said.
- Lower coverage limits: The growing number of cyberattacks led insurers to reduce coverage limits for some industry sectors, such as health care and education.
- Cyber-specific policies: Insurers increasingly have offered policies specific to cyber-risk, rather than including that risk in packages with other coverage. This shift reflects a desire for more clarity on what is covered and for higher cyber-specific coverage limits.
Adam Lantrip, senior vice president for professional liability and cyber practice leader at specialty insurance brokerage firm CAC Specialty, explained on a podcast why availability of cyber insurance coverage is seemingly shrinking.
“Clients are going to have to demonstrate a much higher baseline level of security in order to qualify for coverage,” he said. Two years ago, “we could have taken just about any company into the marketplace with whatever their controls were and probably been able to get them a pretty good option from somebody in the insurance marketplace.”
“Today, we’re seeing clients that we would objectively think are generally pretty good risks, but they’re answering ‘no’ to one or two or three very specific questions about their security posture, and those ‘no’ responses,” Lantrip added, are resulting in an automatic refusal “from a huge section of the marketplace.”
The U.S. Cybersecurity and Infrastructure Security Agency, within the Department of Homeland Security, noted that a robust cybersecurity insurance market could help reduce the number of successful cyberattacks by: (1) promoting the adoption of preventive measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.
“Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyberattack,” CISA said.
Since 2012, CISA has engaged academia, infrastructure owners and operators, insurers, chief information security officers, risk managers, and others to find ways to expand the cybersecurity insurance market’s ability to address this emerging cyber-risk area. More broadly, the agency has sought input from these same stakeholders on the market’s potential to encourage businesses to improve their cybersecurity in return for more coverage at more affordable rates.
CISA is currently facilitating dialogue about how a cyber-incident data repository could foster both the identification of emerging cybersecurity best practices across sectors and the development of new cybersecurity insurance policies that “reward” businesses for adopting and enforcing those best practices.
Owning Risk
Historically, California’s Sacramento Municipal Utility District has not made any wildfire claims, but the utility operates in a region where wildfires are prevalent, and that proximity can affect perceptions of the risks SMUD faces.
In April 2019, Moody’s Investors Service revised its ratings outlook on SMUD’s outstanding revenue bonds from stable to negative to reflect the more challenging operating environment in California resulting from the impact of wildfires. Moody’s revised its rating on SMUD in May 2020, returning the public power utility’s outlook to stable.
The risks were addressed, but the lesson was clear: The risk environment is changing, and it is best to stay ahead of the problem. In returning the outlook to stable, Moody’s cited SMUD’s “comprehensive actions to shield itself from wildfire risk” and its “sizeable insurance policy and strengthening liquidity.”
Russell Mills, director of risk management and treasurer at SMUD, said the utility tries to differentiate its risk profile from that of other utilities when it makes its annual presentation to underwriters and brokers when it comes time to renew its insurance coverages.
In those meetings, SMUD highlights efforts such as vegetation management, undergrounding, and hardening assets with its Upper American River Project, a series of 11 dams and eight power houses in a high wildfire-risk area on the slopes of the Sierra Nevada Mountains.
Increasing insurance coverage is not the only tool in SMUD’s kit. The utility conducts probable maximum loss studies to better understand its risk exposures and has been hardening its balance sheet as a precaution against possible disasters.
In 2015–16, SMUD had about $100 million in excess liability wildfire insurance coverage. Over three years, the utility raised its coverage to $300 million and then trimmed it back down to about $250 million.
SMUD also bolstered its commercial paper program by 30% to $400 million and raised its operating cash on hand by one month. It is paying down debt to have the capacity to issue bonds if the need arises.
“All three work together — insurance, ratings, and reserves,” Mills said. “It shows our intent and wherewithal.” It also sends a message to the underwriter that the brunt of any liability is not solely on the underwriter, he said.
For cybersecurity threats, Mills recommends utilities take similar steps, such as following the North American Electric Reliability Corp.’s Critical Infrastructure Protection standards and conducting in-house training programs and being prepared to show that the procedures are being followed.
So far, Mills said, no insurance company has turned SMUD down or refused to renew a policy. The utility also has been able to negotiate cuts in proposed premium increases for fire coverage on the order of 10 percentage points.
“At the end of the day, insurance is a means of transferring risk,” Mills said. “You have to own the risk, show that ‘we are part of this.’”
Finding a Partner
The Northern California Power Agency has worked with its new property insurer to identify further ways the joint action agency could prevent losses and manage insurance risk exposure, according to Monty Hanks, chief financial officer and assistant general manager of administrative services.
Hanks said that 2020 was particularly challenging in that the hardened market meant underwriters provided quotes at the last minute, which left NCPA with little time or negotiating room for better terms or lower premiums. “Despite this, we made a commitment to our members to hit the ‘reset’ button in our approach to procuring property insurance for our facilities,” he said.
NCPA contacted new property insurance market players with expertise in the power generation sector, including FM Global, which insures more than a third of the Fortune 1000 companies. Hanks said that NCPA had traditionally marketed its program about three months prior to the policy’s expiration, but FM Global had never quoted it. Hanks learned that three months was not enough time for FM Global to perform its own due diligence.
He found that the company’s engineering-first philosophy and approach, which helps clients become more resilient against natural disasters, matched NCPA’s core principles.
“We engaged FM Global in early 2021 to build a plan, and that started with scheduling loss-control visits,” he explained. “We learned very quickly that they were not like other property insurance companies. They were guided by the belief that most losses can be prevented, and they will dig deep to understand your business needs to help you reduce your risk,” Hanks said. Indeed, the company has a research campus that studies phenomena such as floods, fire, and explosions to provide data spec sheets to help validate and support its engineering recommendations.
Because NCPA’s members are dependent upon power plants running to provide stable, cost-effective resources, its resiliency is critical.
One of the recommendations was to improve vegetation management around a geothermal plant, which is in a relatively high fire-risk area. Although NCPA had always taken a proactive approach to vegetation management, FM Global’s studies “indicated that we should do more and recommended we create a clearance zone around the plant that maintains forested areas 330 feet away from plant buildings, especially the cooling towers,” Hanks said.
NCPA agreed and implemented the recommendation. “Now, NCPA feels like we have found a partner in the property insurance business. The work that we’ve done as a result will ultimately help us better manage our risks and control operational and maintenance costs,” Hanks said.
Shopping Around
In Nebraska, Omaha Public Power District filed a claim as a result of severe flooding that hit the state in 2019. Researchers at the University of Iowa have linked such flood events to warmer weather, particularly higher temperatures in the Gulf of Mexico, a phenomena they say triggers the “Midwest Water Hose.”
Rising floodwaters have also meant rising premiums. For OPPD, that challenge is made even more difficult because it has coal-fired assets in its generation portfolio.
Difficulty finding insurance coverage for new coal projects is becoming more widespread and could become prevalent in America in the coming years, Daniel Laskowsky, director of risk management at OPPD, said.
In 2019, Chubb, a major insurer in the U.S., said it would no longer underwrite the construction and operation of new coal-fired plants or companies that generate more than 30% of revenues from coal generation or mining. By one count, 19 major insurance companies now refuse or restrict their coverage of new coal projects.
“We are doing all we can” in the face of rising threats from natural disasters and increasing premiums, Laskowsky said. He said OPPD has seen double-digit increases in premiums in the renewal process.
OPPD’s approach includes having a solid understanding of its risk tolerance, using market competition to its favor, and working with underwriters and brokers as partners where possible.
Laskowsky recommends shopping around to compare insurance coverages and rates. “It may not be something you do every year, because you don’t want to burn the market,” he said, but if you can find a lower rate, you have to be willing to fight for it and to commit when the time comes in the negotiating process.
Laskowsky also said a utility should lean on its insurance brokers and use them as a resource because they have a broader view of the market and know what the rest of the industry is doing.
In addition, he said, OPPD works with insurance underwriters that are structured as mutual companies that cater to the public power and energy sector. There is more of a partnership approach to doing business and, if a utility participates in the governance process as a member of the organization, “you can have some say in the insurance company’s processes,” he said.
Weber from Marsh USA noted that there are a handful of insurers that specialize in the public power space. “Therefore, each insurance carrier has a pretty good idea of the exposures and landscape of the public power sector.” He recommended that utilities make sure their trading partners are financially stable and know what coverages they are getting from their insurance provider.
He also said utilities can “differentiate themselves in the market by providing thorough underwriting data and starting the renewal process well in advance.”
Pooling
Another model that has been successful is “pooling” insurance coverage across multiple entities. This is a common practice across state and local governmental entities, but it necessarily covers a broader spectrum of services, from police and fire to libraries and public utilities, and therefore may not offer industry-specific coverage that high-risk enterprises may need. Fortunately, this model can also be tailored to a specific industry, provided there is the capital available and the know-how to do so.
Nearly four decades ago, some public power utilities in the Tennessee Valley had no options to buy liability insurance at any price, according to Anthony Salvatore, an area senior vice president with Gallagher.
The Tennessee Valley Public Power Association, which represents public power utilities within the Tennessee Valley Authority’s multistate service area, formed Distributors Insurance Co. with a small amount of startup cash and a $1 million letter of credit backed by TVA. Its goal was to make competitively priced coverage available to all TVPPA members. In the beginning, DIC had three member accounts with approximately $200,000 in total premium. Its portfolio has grown astronomically since: DIC now has 80 accounts with approximately $40 million in assets and $26 million in surplus. It spends a large amount on safety and loss-control efforts for participating members.
Forming a model like DIC or the Public Utility Mutual Insurance Co. (now a risk-retention group) or Aegis (which provides liability and property coverage to mainly investor-owned utilities in the energy industry) would first require conducting a feasibility study, according to Charles Landgraf, a lawyer with Arnold & Porter.
Actuaries would conduct a study to explore allocations, lawyers would be needed to identify and work through issues, the study would have to identify who could serve in the captive manager function, and then work with brokers and deliver the necessary capital. The more narrowly a study is applied, the easier the issues are to work through. Landgraf also noted that while a study exploring only one state’s regulatory law and liability systems would be easier, that reduces the spread of risk and therefore limits the competitive pricing advantages of the pooling model.
Paul Howard, another lawyer at Arnold & Porter, added that the federal Risk Retention Act allows a group captive manager to go national, meaning an entity could be formed in one state to sell insurance to local public power utilities and then sell, or “front,” to public power utilities in other states without becoming licensed in each state. However, this multistate solution is limited to liability lines of business only.
Such a study may cost anywhere from the low six figures for a limited regional approach to the high six figures for a national approach.
“If this became an acute enough problem for state governments in the West, for example, you could in theory work to develop a multistate compact,” Howard said. Community-owned utilities may carry a much more sympathetic message to relevant state leaders — namely, their governors and insurance commissioners — seeking regulatory relief through a mini risk-retention policy model. Politically like-minded state leaders could work together to reach a mutual agreement allowing public power utilities to pool their capacity for self-insurance and to leverage access to global reinsurance. Landgraf explained that having the backing of state leaders through an interstate agreement to simplify and streamline regulations could allow a single entity to be domiciled and licensed in one state and serve the other states, too.
There is credibility on all sides: The insurance companies would want to help public power utilities create an insurance solution they could support; state leaders have seen that more needs to be done to incentivize preventive measures within their own and nearby states; and publicly owned utilities need affordable insurance solutions.
